How to restrict applications using Group Policies
The following procedure shows how to restrict an application from running using Software Restriction Policies. More details about Software Restriction Policies and the available options can be found here.
This example shows how to restrict the windows notepad application from executing:
- Start the local group policy editor by typing gpedit.msc in the Start search text box
- Go to Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies node
- Expand the Software Restriction Policies node and select Additional Rules
- On the right hand side pane, right click and select New Path Rule…
- Click the Browse button to search for Notepad.exe, select it and set the Security level to Disallowed
- Click OK
- Run notepad.exe – you should get a message stating that the program is blocked by group policy as shown below:
It’s that simple, the notepad application is disallowed to run. Now, we create a more specific rule that overrides the Path Rule.
- On the right hand side pane, right click and select New Hash Rule…
- Click the Browse button to search for Notepad.exe, select it and set the Security level to Unrestricted
- Click OK
- Run notepad.exe – Now, the application should run successfully
- On the right hand side pane, right click each newly created policy and click Delete to remove these settings and return your computer to its previous state.
this article is for local policies not group policy
The same group policy can be used in domain environments! It is found in the default domain policy of group policy management in domain controllers.
Can someone please tell me how to block opera browser for all users in domain environment.
Some of the user in my company used to access internet through opera with another user account who has already permission to use internet. i have to stop this.
Please help me.
Thanks